
Thread: my parents got pawned ... root kit

  1. #21
Noia (Now, RFC Compliant!)
    Join Date
    Jan 2002
    Posts
    1,210
    I've taken apart a fair few rootkits, and they are by no means simple, though most of them these days tend to use the NET command to overwrite certain boot hooks to allow the rootkit to be run at start as a network service instead of the standard Windows Messenger, for example, which shuts down on execution if you have MSN, so most people won't notice the difference.

    Rootkits have a nasty way of being composed of several smaller components, all of which are 'legitimate' as far as any antivirus program is concerned, often made from freely available software components which in and of themselves are not harmful.

    I normally find it easier to simply wipe the machine rather than try to save it when it comes to rootkits; there are simply too many undocumented versions out there.
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle features in the queen's face on that fair day, when the land here rested in holy peace and everyone had love to love with.
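The persistence trick Noia describes, a rootkit component registered as an auto-start service so it blends in with legitimate ones, is something you can at least audit for before deciding whether to wipe. The script below is an added example for this thread, not code posted by Noia or from any rootkit. It assumes a modern Windows host with Windows PowerShell 5.1 or PowerShell 7, run from an elevated prompt; it lists every automatically started service whose binary lives outside the Windows directory or does not carry a valid Authenticode signature, and for services hosted in svchost.exe it checks the ServiceDll instead of the (legitimately signed) host process.

```powershell
# Added example (not from the original thread). Assumes Windows PowerShell 5.1 / PowerShell 7
# on a modern Windows host, run elevated. Flags auto-start services whose executable is
# outside %SystemRoot% or is not validly signed: exactly where a rootkit component that
# registered itself "as a network service" would show up.

function Get-ServiceExecutablePath {
    param([Parameter(Mandatory)][string]$PathName)
    # Win32_Service.PathName looks like  "C:\Program Files\X\x.exe" -arg  or  C:\WINDOWS\foo.exe /svc
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($p -match '^"([^"]+)"') { return $Matches[1] }                 # quoted path
    if ($p -match '^(.+?\.(exe|sys))(\s|$)') { return $Matches[1] }    # unquoted: stop at the extension
    return ($p -split '\s+')[0]                                        # last resort: first token
}

function Get-SuspiciousAutoStartService {
    param([string]$SystemRoot = $env:SystemRoot)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
        ForEach-Object {
            $exe = Get-ServiceExecutablePath -PathName $_.PathName
            # svchost.exe is signed by Microsoft; the real code is the DLL named in Parameters\ServiceDll
            if ((Split-Path -Path $exe -Leaf) -ieq 'svchost.exe') {
                $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
                $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
                if ($dll) { $exe = [Environment]::ExpandEnvironmentVariables($dll) }
            }
            $reasons = @()
            if ($exe -notlike "$SystemRoot\*") { $reasons += 'outside SystemRoot' }
            if (Test-Path -LiteralPath $exe) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            } else {
                $reasons += 'binary missing'   # a deleted or hidden file is worth a look too
            }
            if ($reasons.Count -gt 0) {
                [PSCustomObject]@{
                    Name        = $_.Name
                    DisplayName = $_.DisplayName
                    Executable  = $exe
                    Reasons     = ($reasons -join '; ')
                }
            }
        }
}

Get-SuspiciousAutoStartService | Sort-Object Name | Format-Table -AutoSize
```

Expect some noise: third-party drivers and older software are often unsigned or installed under Program Files, so treat each hit as a lead rather than a verdict. Also remember that a kernel-mode rootkit can filter what the service and registry APIs return, which is the practical reason for Noia's "just wipe it" conclusion; a clean result from a script run on the infected machine proves much less than the same result from a boot-from-CD inspection.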

  2. #22
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Assuming that this problem can be rectified without a reinstall, after patching the OS and getting an up-to-date antivirus (AVG at www.grisoft.com is a good one), I'd also have your parents use a restricted account instead of running under the typical 'administrator' account. Also, I'd get real familiar with gpedit.msc, as you can restrict just about everything under the sun.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
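Putting the "restricted account" advice into practice, as an added example that is not part of the original post: the script creates a standard (non-administrator) local account for day-to-day use, makes sure it is in Users but not Administrators, and then prints who is still in the local Administrators group, since every account listed there can install the next rootkit. It assumes Windows 10/11 with the Microsoft.PowerShell.LocalAccounts cmdlets (Windows PowerShell 5.1), run from an elevated prompt; the account name 'parents' and its full name are placeholders.

```powershell
# Added example (not from the original post). Assumes Windows 10/11, Windows PowerShell 5.1
# with the Microsoft.PowerShell.LocalAccounts module, run elevated.
# Account name and full name are placeholders.

function New-StandardUser {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$FullName = $Name
    )
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Name -Password $Password -FullName $FullName `
            -Description 'Day-to-day account, not an administrator' | Out-Null
    }
    # Membership in Users gives a normal interactive logon...
    if (-not (Get-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group 'Users' -Member $Name
    }
    # ...and the account must NOT be in Administrators, even if someone added it earlier.
    if (Get-LocalGroupMember -Group 'Administrators' -Member $Name -ErrorAction SilentlyContinue) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $Name
    }
    Get-LocalUser -Name $Name
}

function Test-IsLocalAdmin {
    param([Parameter(Mandatory)][string]$Name)
    # Get-LocalGroupMember errors when the principal is not a member; suppress that and
    # turn "found / not found" into a boolean.
    [bool](Get-LocalGroupMember -Group 'Administrators' -Member $Name -ErrorAction SilentlyContinue)
}

function Get-LocalAdministrators {
    # Everything listed here can load drivers and rewrite boot hooks. The goal is that only
    # one rarely used admin account remains (and the built-in Administrator stays disabled).
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

$pw = Read-Host -AsSecureString -Prompt 'Password for the new standard account'
New-StandardUser -Name 'parents' -FullName 'Mom and Dad' -Password $pw
"Is 'parents' an administrator? $(Test-IsLocalAdmin -Name 'parents')"
Get-LocalAdministrators | Format-Table -AutoSize
```

On the Windows versions this thread was written for, the LocalAccounts cmdlets do not exist; the same two steps are `net user parents * /add` followed by `net localgroup Administrators parents /delete` (the NET command Noia mentions, used for its intended purpose this time), and `net localgroup Administrators` prints the remaining members. The lockdowns in gpedit.msc are a separate layer on top of this: a standard account stops the user from installing system-wide software, while Local Group Policy restricts what even that account may run or open.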
